All the samples I have seen have an identical document with different names, containing this malicious macro which then goes off and downloads various other components according to the Hybrid Analysis report, using the following URLs:

These appear to download as a set of malicious scripts [1][2][3] which then download a further component from:

bluemagicwarranty.com/wp-includes/theme-compat/getrichtoday.exe

This binary has a detection rate of 3/55. The Malwr report shows that it drops two other files, named as Zlatowef.exe [VT 3/55] and redtytme4.exe [VT 9/55] and it also downloads components from:38.65.142.12:12551/ON12/HOME/0/51-SP3/0/ELHBEDIBEHGBEHK38.65.142.12:12551/ON12/HOME/41/5/4/ELHBEDIBEHGBEHK

That IP is allocated to Cogent Communications in Mexico. The download is Upatre which means that the payload is almost definitely the Dyre banking trojan, even though the delivery mechanism of a Word document is unusual for Dyre.